Senior Infrastructure Security Engineer

San Francisco or Remote (EST Time Zone Preferred) /
Loom Team – Engineering /
About Loom:
Loom is on a mission to empower everyone at work to communicate more effectively, wherever they are. We are already trusted by over 7M users across 90k+ companies. Our customers are global and use Loom at work at world-class companies including HubSpot, Square, Uber, GrubHub, and LinkedIn.

Founded in 2015, Loom has raised $73 million from top-tier investors including Sequoia Capital, Kleiner Perkins, Coatue, the Slack Fund, and the founders of Instagram, Figma, and Front.

The Role:
As our first infrastructure security engineer, you will be responsible for all aspects of security and compliance of Loom's video service infrastructure. We’re a small team, so your contributions will have a meaningful impact on the company’s success. 

We're looking for someone with both a broad knowledge of security and deep knowledge of cloud security. You will have had experience across a range of technical disciplines: operating system internals and hardening (e.g. Windows, Linux, OS X, Android); security monitoring, and assessments; authentication and access control; development of security tools and automation. This is a senior role, and we're looking for someone who has experience with a variety of real-world security issues.


    • Build enterprise-grade secure cloud infrastructure and policies to protect Loom networks and systems.
    • Design and develop frameworks, tools, and best practices to protect and mitigate any forms of risk.
    • Work with the compliance and governance teams to implement compliance and security requirements.
    • Help manage our pen testing and bug bounty program.
    • Lead and mentor other engineers and evangelize security practices to foster a culture of security companywide.

What We're Looking For

    • 3-5 years of industry experience developing and implementing fundamental security features and solutions using security frameworks such as CIS, NIST, ISO, SOC2, etc.
    • Excellent understanding of information security, cryptography, secure networking, logging/detection, cloud security architecture (GCP/AWS), IAM/PAM, security policies, and code signing concepts.
    • Experience designing and deploying public key infrastructure, authorization systems, and/or key management systems.
    • Experience in web app security, vulnerability research, and penetration testing
    • Knowledge of network-based and system-level attacks and mitigation methods
    • 3+ years of programming with Python or Go
Perks at Loom:
* Competitive compensation and equity package
* 99% company paid medical, dental, and vision coverage for employees and dependents (for US employees)
* Flexible Spending Account (FSA) and Dependent Care Flexible Spending Account (DCFSA)
* Healthcare reimbursement (for International employees) 
* Life insurance
* Long-term disability insurance
* 401(k) with 5% company matching
* Professional development reimbursement
* Mental health and wellness reimbursement
* Gym reimbursement
* Unlimited PTO 
* Paid parental leave
* Remote work opportunities 
* Yearly off-site retreats (this year was in Barbados)
SF office perks
* Daily lunch on-site
* Unlimited snacks & drinks
* Remote week every other month

Remote-specific perks
* Home office & technology reimbursement
* Co-working space reimbursement 
* New-Hire on-boarding in San Francisco (optional)

Loom = Equal Opportunity Employer:
We are actively seeking to create a diverse work environment because teams are stronger with different perspectives and experiences.

We value a diverse workplace and encourage women, people of color, LGBTQIA individuals, people with disabilities, members of ethnic minorities, foreign-born residents, older members of society, and others from minority groups and diverse backgrounds to apply. We do not discriminate on the basis of race, gender, religion, color, national origin, sexual orientation, age, marital status, veteran status, or disability status. All employees and contractors of Loom are responsible for maintaining a work culture free from discrimination and harassment by treating others with kindness and respect.